Building Trust and Security Through Transparency of Service

Transparency is a great way for cloud providers to demonstrate and prove good security practices to their customers. Oftentimes, however, the transparency stops when outages or service hiccups occur. During an incident, how a cloud provider communicates to its customers says a lot. In a guest post for the Cloud Security Alliance, I discuss why customers should expect clear, transparent SLAs from their service providers, what customers should expect during an incident and why transparency is so important from a security and trust perspective. Head over to the Cloud Security Alliance to read the full post.

With the growing movement of enterprises to the cloud, it’s more important than ever that service providers demonstrate and prove good security practices to their customers, in good times and in bad. During an incident, how a cloud provider communicates to its customers says a lot about its commitment to security. Sounds obvious, right? Well, three different times during the past seven months — and once while I was on a panel at the 2012 CSA Congress in Orlando — I’ve learned that it isn’t clear after all. As CSO at Okta, I work closely with our customers and they always ask, “What will you guys do if a breach occurs?”

When I tell customers that we’ll proactively reach out to them with written communication within hours of any important incident, they are surprised … which surprises me. We include transparent communication in every service level agreement (SLA), alongside availability guarantees and recovery point and time objectives.

SLAs exist so that customers have a means to measure the basic service performance of their providers. SLAs can sometimes be very complex and involve many components. But it’s the communication aspect that I see most commonly omitted. It’s important for cloud providers to incorporate communication protocols into their SLAs to ensure trust and transparency with their customers.

Proactive Communication

The most basic question that customers have for their cloud providers is finding out if there’s been a breach in service. During last year’s CSA conference in Orlando, the same question came up again and again: “How would I even know if the service is breached?”

Typically, when a large consumer-facing provider goes down, the company posts a “We’re sorry” or a fail message on its homepage. This works for a service such as Google, which expects users will visit the site, see the service interruption and then wait for the site to come back online. Users might Tweet about how annoyed they are that Google’s down, but they wouldn’t expect a phone call from a Google rep explaining the problem and detailing the company’s plans to resolve the problem. Large, consumer services such as Google simply have too many millions of users.

But for enterprises that rely on cloud services to run their businesses, an impersonal “sorry” on the provider’s website is little consolation during an interruption or breach. They should expect, as part of the signed SLA, a proactive message alerting them to the problem and detailing the response.

Visit the Cloud Security Alliance blog to read the full article.

EnerNOC: Transforming the Energy Industry with Okta

Energy management is a hot topic (sometimes literally). One of our customers, EnerNOC, is playing an industry-changing role in the energy management space by offering technology-enabled solutions to commercial, institutional and industrial organizations. In addition to providing demand response solutions, the company also offers energy consulting to businesses looking to use energy more intelligently. Gerry Wilson, EnerNOC’s CIO, recently sat down with Okta to discuss our role in helping the energy management solution provider move to the cloud and successfully integrate its IT organization while doing so.

“The move to the cloud has changed the way we’ve viewed identity and access management to some extent,” Gerry said. “While the challenge remains the same whether the applications are on premise or in the cloud, it becomes more difficult when you’re dealing with cloud-based identifications to both manage those identifications and reset those passwords. If it’s not something you’re doing on your own premise, you’ve got to work through your third party providers and applications to get that done.”

Building Okta Mobile for iOS

Looks cool, right? Well, it was no easy task. A lot went into building Okta Mobile for iOS. I’d have to write a multi-page article to cover all of the aspects involved in building a mobile app, so let’s instead focus on the most interesting aspects of Okta Mobile. There are three key elements:

  • Multi-tab browser
  • SSO wrapper
  • Security

In addition to these key elements, I’ll also address memory management and the methods we used to get customer feedback during the development process.

Multi-Tab Browser

The Okta Mobile app is essentially a multi-tab browser wrapped with Okta’s single sign-on (SSO) technology to simplify the login process for users. SSO and security are the core distinctions, but it is equally important to develop an app browser that is as close as possible to a main grade browser. It was clear to us that SSO without the convenience of a multi-tab browser wouldn’t achieve successful adoption among our users. So, we set out to build a cool, performant multi-tab browser.

300 Strong: Okta’s Customers Keep Getting Hotter

Today we announced that Okta’s on fire. Well, not exactly, but we did announce a more than 500 percent year-over-year increase to our customer count and significant adoption of our free Okta Cloud Connect product (formerly called Okta Directory Integration Edition). In the past twelve months, we added a few customers you might recognize, from your laundry detergent and cleaning supply brand to your favorite fast food fried chicken and your window to the world. That’s right: Clorox, Popeye’s Chicken and National Geographic are now among our more than 300 enterprise customers.

Another new customer that’s particularly exciting for us is London Gatwick Airport, the United Kingdom’s second largest international airport. Gatwick employs more than 27,000 staff members and contractors and saw more than 34.2 million passengers pass through its terminals in 2012. It recently chose Okta to be its core platform for identity and access management.

Lithium: Giving People the Power with Okta

Lithium Technologies provides and enables some of the world’s leading brands with social customer experience. Misha Logvinov, Lithium’s chief customer officer, recently spoke with us on what drove Lithium to invest in an identity and access management solution, and more specifically, Okta. To hear our full interview with Misha, watch Lithium’s customer testimonial video below or on our website.

What caused you to seek out an identity and access management solution?

Prior to selecting Okta, we had no solution to manage our employees’ identities centrally. This presented a number of challenges both for our employees as well as for our IT organization. It limited adoption of our cloud tools and created significant overhead for our IT organization because people kept forgetting their passwords and sometimes would set insecure passwords. There was no real central way for monitoring and reporting on that.

Re-Inventing the Roles of IT and Technology in the Enterprise

We recently hosted a CIO panel with four IT leaders to discuss the evolving role of IT amid the pressures of mobile and cloud adoption in business today. Ralph Loura (CIO, Clorox), Dan Willey (CIO, Wilbur-Ellis), Evan Trent (SVP, School of Rock) and Carl Eberling (CIO, Encore Capital) represented an eclectic mix with backgrounds in consumer goods, agriculture, education and financial services. This unique mix made for a great discussion about the evolution and future of CIOs and IT.

Our CEO and panel moderator, Todd McKinnon, kicked things off by bringing up the notion that every company is now a technology company as mobile, cloud and other technologies seep into all aspects of business. Ralph and Evan both spoke about how Clorox and School of Rock use mobile as a core strategy to connect with consumers. Clorox, for example, repurposed almost all of its sites to be mobile friendly and launched five mobile applications, using technology to build a loyal fanbase. Evan, meanwhile, discussed how technology allows the music school with 100+ franchises worldwide to compete strategically and manage a dispersed IT. The company now sits 100 percent in the cloud and delivers programming from internal mobile apps to its students.

A Day in the Life of Brian Hansen: Wonderfully Designing Okta’s User Experience

You might not know this, but we’ve got some pretty fascinating people working behind the scenes at Okta. We sat down with one of them – senior UX designer Brian Hansen – to discover what’s in the company’s special sauce, discussing what he does day-to-day, why he chose Okta and what drives him to come to work every morning (and no, we don’t mean MUNI).

If you like what you read and think you might have what it takes to join our growing team, we want to meet you. Check out our Careers Page for available positions.

What is your current position and role at Okta?

Brian Hansen, Senior User Experience Designer at Okta

I’m one of two user experience designers at Okta. To explain my job in the simplest terms, I’m responsible for designing, and to some extent implementing, the user interface of Okta’s product. I was hired on as the sixth employee and have been with the company for almost four years. (Quite frankly, it’s rare for an enterprise to hire a UX designer so early on!)

City Year: Improving Mobility with Okta

We recently had the pleasure of catching up with Welles Hatch, City Year’s CIO, to learn what Okta’s doing to help this not-for-profit organization challenge the educational status quo. If you’re not familiar, City Year provides AmeriCorps corps members on teams to work as mentors, coaches and tutors in schools across the country to get kids at risk of dropping out of school back on track to graduate.

One of Okta’s major benefits, according to Welles, is increased mobility, which is critical for City Year’s service model since the company’s corps members often don’t have offices to work from within the schools.

“We’re enabling a BYOD environment,” Welles explains. “So the administrative challenges around letting anyone show up with any appliance and having a purely web-based authentication environment as a means of maintaining security is prominent on the roadmap, and we’re comfortable that Okta’s going to enable that.”

(Mis)understanding the Pace of Change in Enterprise Software

In a recent article in AllThingsD, Okta CEO Todd McKinnon explains why the pace of change is so often misunderstood in enterprise software — and the implications that has for CEOs setting company strategy and VCs investing in new technologies.

There are massive changes taking place in the enterprise, but legacy software is still a reality for most organizations — and it will be for years to come — because of three main reasons: product cycle, adoption time and entrenchment. Head over to AllThingsD to read the full article.

In Silicon Valley, and high technology in general, there’s a common narrative about how the new disrupts the old, and the old subsequently dies. It’s a compelling narrative, especially in an industry such as technology where fortunes are made in the name of innovation — but it’s important to separate the signal from the noise. That narrative is applied too often and too broadly, leading to faulty company strategies and poor investments.

From ‘What is Cloud?’ to Real-World Applications: AMAG Pharmaceuticals at Bio-IT World

Guest post by Nathan McBride, vice president, IT at AMAG Pharmaceuticals

It’s funny to think that just three years ago I gave a presentation to a large consulting firm on what they might encounter in enterprise IT in the next few years called “What is the Cloud?” Since then I have had the unique experience of being able to speak at conferences and gatherings across the country, but you won’t hear me giving that introductory “What is the Cloud?” talk anymore.

Based on the requests for types of presentations that I’ve received recently, it’s obvious that more and more companies have gotten past the “wet feet” stage of moving to the cloud and are now looking for strategies and information about the next steps in embracing a cloud service model within the enterprise.

To kick off my 2013, I’ll be speaking at Bio-IT World in Boston on Wednesday, April 10 at 11:00 am ET about several topics in a session titled “Pharma Disruptors: A Real-World Look Into How Cloud Computing Can Impact Your Business”. In the presentation, I’ll cover how my company, AMAG Pharmaceuticals, and our IT team of just four moved our department to the cloud by:
